dovecot 2.0
Paul Howarth
paul at city-fan.org
Fri Apr 2 08:48:20 UTC 2010
On Tue, 30 Mar 2010 14:23:19 +0100
Paul Howarth <paul at city-fan.org> wrote:
> dovecot 2.0 renames some files from 1.x and needs some additional
> policy:
>
> File contexts:
>
> /etc/dovecot(/.*)? gen_context(system_u:object_r:dovecot_etc_t,s0)
>
> /usr/libexec/dovecot/auth -- gen_context(system_u:object_r:dovecot_auth_exec_t,s0)
>
> /usr/libexec/dovecot/dovecot-lda -- gen_context(system_u:object_r:dovecot_deliver_exec_t,s0)
>
> Rules:
>
> type dovecot_tmp_t;
> files_tmp_file(dovecot_tmp_t)
> manage_dirs_pattern(dovecot_t, dovecot_tmp_t, dovecot_tmp_t)
> manage_files_pattern(dovecot_t, dovecot_tmp_t, dovecot_tmp_t)
> files_tmp_filetrans(dovecot_t, dovecot_tmp_t, { file dir })
> allow dovecot_t self:capability kill;
> allow dovecot_t dovecot_auth_t:process signal;
Another rule needed when it regenerates SSL DH parameters:
allow dovecot_t self:process setsched;
Paul.
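
An added example, not part of the original message: a simplified Python take on what audit2allow does, turning AVC denials for one domain into allow rules like the three listed above. The log lines are constructed for illustration, and the names avc_to_allow and SAMPLE_AUDIT_LOG are hypothetical.

```python
import re
from collections import defaultdict

# Constructed audit.log lines for illustration (not taken from the message).
SAMPLE_AUDIT_LOG = [
    'type=AVC msg=audit(1270197000.101:201): avc:  denied  { kill } for  pid=2101 comm="dovecot" capability=5 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:system_r:dovecot_t:s0 tclass=capability',
    'type=AVC msg=audit(1270197000.205:202): avc:  denied  { signal } for  pid=2101 comm="dovecot" scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:system_r:dovecot_auth_t:s0 tclass=process',
    'type=AVC msg=audit(1270197003.310:203): avc:  denied  { setsched } for  pid=2101 comm="dovecot" scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:system_r:dovecot_t:s0 tclass=process',
    'type=SYSCALL msg=audit(1270197003.310:203): arch=c000003e success=no exit=-13',
    'type=AVC msg=audit(1270197010.400:204): avc:  denied  { read } for  pid=3000 comm="httpd" name="x" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file',
]

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def _type_of(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]

def avc_to_allow(lines, source_type=None):
    """Build sorted allow rules from AVC denials, optionally for one source domain."""
    perms = defaultdict(set)
    for line in lines:
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial record (e.g. the paired SYSCALL record)
        src, tgt = _type_of(m["scon"]), _type_of(m["tcon"])
        if source_type and src != source_type:
            continue
        if tgt == src:
            tgt = "self"  # policy shorthand when source and target types match
        perms[(src, tgt, m["tclass"])].update(m["perms"].split())
    rules = []
    for (src, tgt, tclass), granted in sorted(perms.items()):
        names = sorted(granted)
        perm = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {src} {tgt}:{tclass} {perm};")
    return rules

if __name__ == "__main__":
    for rule in avc_to_allow(SAMPLE_AUDIT_LOG, source_type="dovecot_t"):
        print(rule)
```

Filtering on the source domain keeps unrelated denials, such as the constructed httpd_t one, out of the dovecot policy.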